Posts tagged vnc
Windows Vista Remote Desktop Setup
0
Your data at risk?: Why physical security is insufficient for laptop computers
Your data at risk?:
Why physical security is insufficient for laptop
computers
Evaluating the various security options to protect your data PCs can be a challenge. This
article examines the options, discusses why the passwords alone do not are sufficient and do
the case for strong data encryption.
Your data at risk?: Why physical security is
insufficient Laptop
New frontiers in computer security
The significance of computer security continues to evolve. Physical security used to be the
The major concern. Through the 1980s, mainframe computers were locked in special
air-conditioned rooms within the buildings safe.
Security costs, when they were considered together, constituted a percentage much small
overall system costs. Today, these systems are called "server systems", and although they are
important for law own, they comprise a small percentage of all computer sales each
year. According to market researcher Gartner, 2.3 million systems of servers sold worldwide in
third quarter of 2008 compared to 80.6 million PCs that shipped in the same period.
The widespread use of PCs creates far greater vulnerability in relation to yesterday's mainframe
computers. While desktop PCs are arguably less secure than centralized servers, such systems
probably identical to the physical safety of an enterprise of the other site features. The
at least secure computers are those that are mobile.
According to Gartner's estimate for 2008 global growth of mobile PCs is 25% versus 1.2%
for desktops. According to his estimate, 293 million PCs will be shipped in 2008.
If you prefer the PC term "mobile" "Laptop or notebook," "vulnerable systems
are taken outside the shop. Despite the diligence of the employee, Mobile PCs are lost or stolen. Not
Convinced? Take a look www.privacyrights.org An infringement notice on website security data
involve personally identifiable information (PII).
More than half of U.S. states require disclosure of such breaches. Do not let
your company name are added to this list, good solutions are available.
Attacks on data security laptop
To a casual observer, a laptop seems safe. To use a type of system computer, users must
credentials in a window. If users do not provide the username and password correctly, they can not
access the system. As someone who misplaces the keys to a car, someone who forgets a computer
password is blocked. Without the proper credentials, access is blocked. Or is it?
Passwords alone do not protect the data of the login process prevents unauthorized users
of software implementation. But the password is not, by itself, make the data on hard disks safe. The
user without a username and password are not correct can use the services of the operating system
once installed and configured on that particular hard drive. However, a person with experience in technology without
appropriate credentials can still attack a computer.
There are three possible strategies of attack:
• • device alternate startup
• • boot device boot alternative + alternative
program
• • Move a hard drive of a computer alternative
system
Attack # 1: Alternative boot device
One type of attack involves the use an alternative boot device instead of the hard disk. Each
computer system supports this option. For many years and many versions of Windows Microsoft
disks of installation has been distributed on CD-ROM or DVD. A simple way to access a
system data is a disk boot to the Windows installation and install a new copy of the operating system.
This approach makes available data that resides on a hard drive.
Attack # 2: Alternative boot device + startup program alternative
A second attack combines the first attack with special programs from startup. For example, many IT
Professionals use CD-ROMs with software such as BartPE (Bart's Preinstalled Environment) as an aid in fixing systems with startup problems.
In addition to legitimate uses, unauthorized persons can use this type of tool to mount an attack.
In addition to accessing data files from normal user, these tools provide access to operating system files that are not available when the operating system is running. Of particular interest is the SecurityAccounts Manager (SAM) database encrypted
file with password hashes. Although this is an encrypted file, techniques are widely available to decrypt and read the SAM password hashes. Although different from plain text passwords, a password hash is the result produced when a password is run through an algorithm. When replacing a hashed password to an existing account, perhaps one with administrator privileges, a thief data can start and run the original operating system and any software installed.
Protection against attacks # 1 and # 2
Support for Devices boot option allows installation of the operating system. After the operating system
been installed, use of alternate boot device can be disabled in the Basic Input / Output System (BIOS). Just as you can lock
the front door of your house, you can boot block devices alternative with proper BIOS settings. To keep these settings in place, you also
need to enable password protection in BIOS own. The third step of locking the computer case, prevents a reset of BIOS and failure
above measures.
Attack # 3: Moving a hard drive to a computer system alternative
An individual with physical access to a laptop computer can remove the hard drive laptop, using a screwdriver. Once removed from the original
system, the laptop hard drive can be connected to another computer and one in which the individual has valid credentials. When installed on another computer's hard drive laptop is not the system drive bootable. Instead, the laptop drive hard drive appears as a secondary data drive (drive D, E, etc.). When connected to another system like this, data from the laptop is so easily accessible
If as an authorized user was originally connected to the laptop. At this point, all data are read;
only the encrypted data is hidden of view. What an attacker can use to enable this type of unauthorized access? There are several options,
but the simplest is a kit of office of the disk drive. These kits are available in computer stores. compartments of the hard disk has a very reasonable and legitimate purpose: the creation of a Device portable storage. The hard disk box allows any hard drive to be portable across computer systems. These boxes support USB connections and 1394 (ie, FireWire) connections. The cost is nominal, usually less than U.S. $ 20 (€ 15).
Therefore, this product may have legitimate uses illegitimate. The hard disk box allows unauthorized users to read data on a hard drive
unit taken from a lost or stolen laptop computer.
Using this tool, anyone with physical access to the hard disk can have full access to the data on that drive. hard drive enclosure kits also include a screwdriver, which is often the only tool required to remove a hard disk of a laptop.
Securing data needs encryption
True data security requires making data unreadable to people who are not allowed to access the
data. And because the permissions of the file system can be replaced with schemes such as those described above, data encryption is the only truly safe way to hide sensitive data. To unauthorized users, the encrypted data is meaningless. Only authorized
users with valid credentials can access the encryption keys needed to decrypt and use of data.
This section examines the encryption support in Microsoft Windows and popular support encryption products in three data encryption at Sophos.
A look into encrypted files
To understand the protection that provides data encryption, you must understand the difference
between the data in an unencrypted state and an encrypted state. In both states, the data appear
in two ways: (1) the numerical values and (2 data) of characters. Software engineers typically use two types
monitors when they need to understand the exact location of every bit and byte of data. In an unencrypted "clear text display, the text data
is clearly readable. Interestingly, even the most sophisticated data processing text Word normally store in a very readable. Of course, it helps engineers software to write
sophisticated programs. From the standpoint of safety, this practice also makes it easy for any friend or foe, to read data in hard disk.
It's a different situation, when the same file is saved on a hard drive that is fully encrypted.
When comparing a monitor with a clear view without encryption, it becomes obvious that
two are different. The encrypted data contains nothing that seems even vaguely understandable.
And that is the essence of encryption to make any piece of data unintelligible and unusable to all except those are allowed to use the data.
Data encryption in Microsoft Windows
Microsoft Windows supports some data encryption. Beginning with Windows 2000, Microsoft made
support available for the Encrypting File System (EFS), an internal mechanism to encrypt specific files or entire folders that reside on NTFS partitions. Note that FAT partitions are not supported, which means that files stored on USB memory sticks can not be encrypted.
Encrypting File System (EFS)
When an individual file is encrypted using EFS, the modifications made in this file can result in
creating unencrypted, or "plain text" copies. When a user opens an encrypted file using Microsoft Word, the file is decoded by the operating system and copied to a temporary location. The simple text file that is used during the editing process, and get the content encrypted
again only when the file is closed. This process can leave remnants unencrypted disk, opening the possibility that information confidential, may be revealed.
The greater vulnerability of EFS comes from the fact that access is tied to a user's logon account.
For example, a data thief can reset a user password on systems that are vulnerable to attacks described earlier in this document. A thief can impersonate a user legitimate, thereby gaining access to files for which EFS commitment
User ID has access rights. Paradoxically, the use of EFS in such situations, has a negative effect on data security. A thief probably consider
EFS enabled files first, based on the assumption that the encrypted files are likely to be data withsensitive.
BitLocker Full Drive Encryption
A safer alternative for EFS encryption is complete unit. Full drive encryption protection
both types of attacks described in this document. When an alternate boot media is used, the contents of the drive are encrypted gibberish. When a
encrypted hard drive is connected as a secondary drive (see Attack # 3), the contents are not readable.
A central benefit of full drive encryption is that the choice of what data to encrypt and to leave unprotected is taken from the user.
All data is encrypted in the encrypted partitions, without exception. Microsoft's complete unit Encryption
solution is BitLocker. Sophos solutions complete drive encryption are SafeGuard Easy SafeGuard Enterprise and its successor. Let us consider BitLocker. In Windows Vista, BitLocker can encrypt a disk partition: one with the operating system (usually drive C). Compared with EFS, BitLocker provides a safest way to protect data. BitLocker enabled on a system, data on the boot partition is not available unless a valid password is entered during system startup.
As described, Microsoft has some built in support for encryption of data, starting with Windows 2000. When you need more than what comes with the operating system, we invite you to look
Sophos product line of data encryption.
Conclusion
Your data at risk? Unless your data is encrypted,
the answer is yes. Although you must protect all
computer systems, those who leave a company
Perimeter physical security are the most
vulnerable. Those include computers used laptops
for sales professionals, executives or those who
take in visits to remote sites company. Without
encryption, the data of your company is at risk. Not
become a headline lost laptop.
About the Author
This article was provided by Sophos and is reproduced here with their full permission. Sophos provides full data protection services including: security software, encryption software, antivirus, and malware.
Tutorial: Setting up Remote Desktop in Windows Mobile
|
|
Sling Media Slingbox PRO-HD SB300-100 $299.99 Take your entire HD home theater with you wherever you go with the Slingbox PRO-HD. Connect to multiple A/V devices and tune into your favorite TV shows, sporting events, and special programming in stunning, true-to-life 1080i high definition. The PRO-HD gives you the same features and ease of use as the Slingbox SOLO, plus a high-quality HD viewing experience-anywhere in the world. Easily connect... |
|
|
May Flash N64 Controller Adapter for PC USB $6.98 Connect your Nintendo 64 joypads to your PC USB port. All buttons are supported, perfect for any emulation program but also works with any modern PC game. It allows you to play all PC games designed to be played with joysticks. Really plug and play, it makes your PC a real gaming platform. Please Note: Please use original controllers along with this adapter. Third party controllers may not work ... |
|
|
Plugable USB 2.0 to 10/100/1000 Gigabit Ethernet LAN Network Adapter (ASIX AX88178 Chipset) $26.95 Add a network interface to your computer via USB. Common uses are for improved speeds vs. 10/100 adapters and wireless networks, for replacing a broken internal network card, for adding a separately routable network interface, and for peer-peer file transfer over Ethernet. It is not a solution for connecting a USB device to a network. PerformancePlug into any USB 2.0 laptop or desktop currently li... |
|
|
Windows 7 Vista XP Media Center MCE PC Remote Control and Infrared Receiver for Home, Premium and Ultimate Edition $8.46 Product Specifications: o Number of keys: 46 keys & 3 mouse keys Package Include... |
